Fix: Incomplete icons in the Dashboard reports area have been updated.

Fix: We’ve removed redirection from the dashboard to the File Scanning page are after preforming a file scan so now you shouldn’t feel lost.

Fix: Lots of other small stuff, like minor cosmetic and grammar fixes.

Version 1.4.1

Fix: Compatibility issue with Getting Started Wizard

Fix: Scanning was sometimes slow or getting stuck

Version 1.4

New: Meet the brand new Defender! This release focuses on making security for WordPress a better place. We’ve given the UI a refresh and updated the UX, so configuring your security settings is a walk in the park.

Fix: A ton of bug fixes & improvements. Yep, vague description! But why bore you with the small stuff when you could be spending time bolstering your site’s security?

Version 1.3

Added: Endpoint API so HUB can work with Defender natively through WPMU DEV Dashboard plugin

Monitor security issues, updates and backups for all your sites from the Hub.

Snapshot Backups

Defender includes 10GB of cloud storage and automated Snapshot backups.

Defender finds areas you can improve and makes suggestions for security tweaks.

Pro Security Tweaks

Security isn’t one-size-fits-all, so Defender will analyze your site, make suggestions for security tweaks and provide easy activation for the most effective layered security measures used by the pros.

Defender is the professional security upgrade you’ve been looking for.

Expose hidden code with regular scans.

Theme & Plugin Code Checker

Defender also checks for known issues with themes and plugins you have installed and scans for suspicious behavior in your system files.

Now you can remove the weak points in your system before hackers can get to them.

Get notified of core file changes and restore order with a click.

Let Defender Do The Crime Fighting

Defender scans the dark alleys of your site to find suspicious code in WordPress and alerts you when something doesn’t look right.

If a core file is corrupt Defender brings order. Restore files to their original state with a click.

Configure Your Defense Network

Visit your WP Admin dashboard, and find Defender in your Admin Menu. Start on the first tab, your Defender Dashboard. The Defender mascot is ready to show you how everything works.

And beneath that you’ll see quick stats for all of the awesome security features. So let’s jump right in and get started!

Hardening

First up is Hardening.

The first hardening check has already been run as soon as you activated the plugin. Clicking “View List” will take you to the full results screen.

Below this overview, you’ll see a detailed list of all the items that need your attention, and those that are already resolved.

Each of the items under Action Needed can be expanded to see a detailed explanation of the issue, as well as a simple process for resolving the issues reported. Here’s a detailed look at the first item in the Action Needed list, “Disable the file editor.”

To resolve the file editor issue, you can simply click “Disable File Editor”. Every issue you might encounter will be as simple, if not more so, as this step to resolve, most only require the user to click a button.

Each of our recommendations and solutions will put an additional layer of protection between your site and those who might wish to harm it or your users.

Security Scan

WP Defender can also scan your site for malicious files and code, and report any suspicious files to you.

Back on the main Dashboard area you first saw, you will see this Security Scan section the first time you use the plugin. Click “Scan My Website” to get started.

You’ll then be taken to the Scan section of Defender where you will be able to watch the progress of your scan. After your first scan is complete, you will then be able to view the results from here; and clicking “Configure” will take you to the Settings section (discussed later in this guide).

To the right of each reported issue, you’ll see 3 small icons. From left to right, these options are:

– Resolve Issue
– False Alarm? Ignore it
– Delete this File

If you are unsure about what the file is, click the first option – Resolve Issue – and a popup will appear with a proposed solution.

The php_errorlog in this example is not a malicious file, so I’m able to ignore this one.

Blacklist Monitoring

Return to the Dashboard for Defender, and you will find this section right below “Hardening”. This feature will scan Google’s blacklisted sites for your site’s URL and notify you if your site has been removed from Google’s index.

Just click “Activate Blacklist Monitoring” to enable this feature.

If you ever need to disable this feature, you can click the orange switch on the top right of this block to do so.

Automatic Scans

Right below Blacklist Monitoring, you’ll find a section for “Setup Automatic Scans”. Setting up automated scans is very simple, just enter the frequency, date, and time, and then click “Activate”.

Once activated, you can then update the schedule for your automated scans from this same section. Just change the date, frequency, or time and then select “Update”. Or to disable the scans entirely, click the small orange switch in the top right corner of this section.

You’ll find more on configuring the settings for your Security Scans & Automatic Scans in the Settings section of this guide.

Audit Logging

To the right of Blacklist Monitoring and Automatic Scans, you’ll find the Audit Logging section.

Select “Enable Audit Logging” to get started.

And then let’s click on “Configure” to check out the Audit Logging section.

The top section is where you’re able to search for a specific user’s activity, filter by date range, and show/hide what events you are interested in seeing. Immediately beneath that, is where your Audit Log results will appear.

Since I just enabled Audit Logging on this site, there weren’t any results to view yet. But below is an example of what you may see when you go to check your Log.

From this screenshot, you can see that I was busy uploading PNG files to the media library. You’re able to see the exact file name & save location, the date of the action, the type of file, the IP address where the action was performed from, and finally who performed the action – if they were logged in.

Pretty nifty, ya? I think so! :)

IP Lockouts

Back on the Defender Dashboard, we can now configure the last feature – IP Lockouts.

Here you’ll be able to view the quick stats on any IP Lockouts that occur this week. Since we haven’t activated this feature yet, there isn’t much to see. So click “Configure” in the top right, and let’s get started.

After selecting “Configure” you’ll be taken to the IP Lockouts section. There are a lot of different options here, so we’ll go through them one by one so you can get the most out of this feature.

Login Protection

The first option we want to configure is Login Protection. Click the pretty blue “Enable” button to begin, as shown in the previous screenshot.

Now you can configure the following settings:

Lockout threshold – define the number of failed attempts within a certain period of time that will trigger a lockout. The default setting is 5 failed attempts, within 300 seconds.

Lockout time – how long the lockout will last for, once triggered. You can also opt to permanently ban anyone that’s been locked for failed logins.

Lockout message – choose the message that will be displayed after a user has been locked out. You can also preview how the message will appear on your site by clicking the blue “here” link.

Ban admin user logins – here you can opt to automatically ban any IPs that attempt to log into your site using the “Admin” username. Which is usually the first thing that hackers will try when attempting to access your site. It’s also a good idea to make sure the username for your administrator account is something unique; details on that (plus other tips) can be found on our blog here.

If you make any changes to this section, be sure to hit “Update Settings” before proceeding to the next section.

404 Detection

Next up is 404 Detection. This feature allows you ban IP addresses that repeatedly try to access pages that do not exist. Click the blue “Enable” button to begin.

Lockout Threshold – just like with Login Protection, you can adjust how many events within a certain period of time will trigger a lockout. In this example, if a single IP address receives 20 404 errors within 300 seconds, then their IP will be temporarily locked out from your site.

Lockout Time – here you can indicate how long you would like the lockout to last for. And you can even permanently ban IP address that trigger your 404 lockout.

Lockout Message – in this section you can customize the message that will appear to your site visitors when they’ve been locked out after triggering a 404 Detection lockout.

Whitelist – in this section you can define any files or pages that you know are commonly searched for, but missing from your website. This will prevent your actual members from being locked out during their usual browsing.

Ignore File Types – similar to the above section, you can define specific file types that you would like to be excluded from triggering a 404 Lockout.

Exclusions – this section is where you can choose whether or not to monitor the 404s that come from logged in users. If you would like these interactions monitored (and for the 404 Lockout rules to apply), then leave the box checked. If you would like to disable the monitoring of these interactions, then simply uncheck the box.

And finally, if you’ve made any changes at all to anything under the 404 Detection tab, be sure to click “Update Settings” before navigating to a new page.

IP Blacklist

From here, Defender allows you to permanently ban persistent troublemakers via IP their IP address. The IP addresses will remain banned until you manually choose to remove them from the list.

Blacklist – pretty self explanatory what goes here. Just list any IP addresses that you would like to have banned. One IP address per line in IPv4 format. You can also ban IP ranges in the format of xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx

Lockout Message – another opportunity to craft a custom lockout message to let those ne’er do wells know you’re onto them. This one is of course for those that you’ve personally banned by adding to the Blacklist above.

Whitelist – and what would a good security service be without a Whitelist to protect the innocent? :) Here you can add any domains that you would like to make sure are never locked out of your site. The accepted format is the same as for the Blacklist: One IP address per line in IPv4 format. You can also ban IP ranges in the format of xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx

Import & Export – these features are really nifty! If you ever need move your Blacklist & Whitelist to another website, instead of manually copy+pasting all those IP addresses, you can simply Export a CSV file with the complete record. Then all you need to do is Import the CSV file into Defender on your new site. How cool is that?

Logs

Under Logs you can view all Lockouts that have occurred within the past 30 days. You’ll be able to view the reason for the Lockout, the IP address that was locked out, and the date.

In my example above no Lockouts have occurred since this is a brand new site. But let’s take a look at an example from a live website that has had some activity this past week.

In this example, you can see that 351 events have been recorded in the past 30 days.

In the top right hand corner I can choose whether I’d like to view all of the results, or filter by a specific Lockout type or event. I can also go through the pages and review all of the events in the log.

For each event you will be able to see what type of event it was (indicated by the small colored box on the left), the reason the event occurred, the IP address that triggered the event, and the date the event occurred.

To the right of each event you will also see two blue links – Ban & Whitelist. By clicking either of these links, you can automatically add the IP address to the respective list (Blacklist or Whitelist).

Notifications

The section is also pretty self explanatory. Here is where you are able to enable the email notifications you’d receive when a Lockout occurs.

You can also add additional email recipients if you would like someone other than the site admin to be notified. This is great if you have a team of folks helping you to manage your site that you would like to keep in the loop.

And of course click “Update Settings” if you make any changes.

Reporting

Now let’s move onto the Reporting section.

Like the Notifications section, you can choose whether or not you’d like to receive a regular report regarding all of the events that have been recorded in your Logs.

You can decide the frequency, the day of the week, and the time of day you’ll receive these reports.

And beneath “Time of Day” you will also see when the next scheduled report is to be sent.

You can also add additional email recipients to the list if you need other team members to receive these reports.

Don’t forget to “Update Settings” if you made changes!

Settings

And finally, last but not least, “Settings”. You can find this section on the bottom left of your wp-admin area, underneath “Defender”. This section is where you are able to configure your Automated Scans, as well as customize the reports you’ll receive once a scan is complete. (Refer to earlier in this guide for information regarding Automated Scans)

Scan Types – toggle the switch to disable or enable specific portions of the security scans. We of course recommend leaving all of these enabled.

Max Included File Size (MB) – you can have Defender automatically skip large files. This will help Defender scan your site faster too. Just indicate how many megabytes the largest file should be that will be scanned. In this example, all files over 10MB will not be scanned by Defender.

Enable All Email Reports – here you can opt to receive email notifications even when everything is running perfectly. Defender of course will notify you whenever something is wrong, according to the settings you configured in earlier sections.

Email Recipients – Here, you’ll be able to add users who’ll be notified when the site fails or passes a security scan.

Email Templates – At the bottom of the page, you can customize the text of the pass/fail emails. We’ve included a handful of macros to easily insert custom information.